rahosts - report network addresses in argus(8) data.

NAME

       rahosts - report network addresses in argus(8) data.

COPYRIGHT

       Copyright (c) 2000-2003 QoSient. All rights reserved.

SYNOPSIS

       rahosts [ra-options] -M modes [ expression ]

DESCRIPTION

       Rahosts  reads  argus(8)  data from an argus data source, and outputs a
       list of sorted network addresses.  Based  on  user  supplied  criteria,
       rahosts  can  generate  lists  of IP addresses and/or MAC addresses, if
       available.  With IP addresses, rahosts can track the full  network  and
       host address, or any network address, based on the mode indicated.

       Like  all ra based clients, rahosts supports a large number of options,
       configuration through  .rarc  files,  and  input  filtering  using  the
       terminating filter expression.

       See the ra(1) man page for details on ra-options and expression syntax.

RAHOSTS SPECIFIC OPTIONS

       -M mode
            Specify mode of operation.  Supported address modes are ip,  ether
            and  all  address  types.   The default is to output IP addresses.
            When IP Addresses are being processed, the network address can  be
            specified  with  the  additional  modes  class, classA, classB and
            classC.

EXAMPLES

       By default, rahosts will output the unique  IP  addresses  seen  in  an
       argus data stream.  Using the -M mode options you can output all unique
       class B network addresses that access the server narly.wave.com:

              rahosts -r argus.data -M classB host narly.wave.com

       Print the ethernet addresses used to support the HTTP service.

              rahosts -r argus.data -M ether dst port http

AUTHORS

       Carter Bullard (carter@qosient.com).

NAME

COPYRIGHT

SYNOPSIS

DESCRIPTION

RAHOSTS SPECIFIC OPTIONS

EXAMPLES

AUTHORS

SEE ALSO